This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/trunk by this push: new 3f60efb Improved: Improve ObjectInputStream class 3f60efb is described below
commit 3f60efb343a11723aa56c1bc1f5afac3a2f26e9f
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sat May 2 12:32:07 2020 +0200
Improved: Improve ObjectInputStream class (OFBIZ-10837) While working on OFBIZ-11633 I crossed an issue in R18 (not in trunk) where objects from org.apache.commons.fileupload (namely DiskFileItem and FileItemHeadersImpl) are not serializable. While at it I decided to handle at the SafeObjectInputStream level the "fileItems" case I already crossed with, OFBIZ-11534, in RequestHandler It has an inconvenient in R18 (not in trunk) where ObjectInputStream can't handle a null class (of course) and so return a benign exception in log (only). I believe it's better to handle these specific cases at the lower possible level in all supported branches.
---
.../main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java | 4 ++++
.../base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java | 4 ++++
.../src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java | 4 ----
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java
index 2aebcde..d50cfbf 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java
@@ -64,6 +64,10 @@ public final class SafeObjectInputStream extends ObjectInputStream {
 @Override
 protected Class<?> resolveClass(ObjectStreamClass classDesc) throws IOException, ClassNotFoundException {
 if (!whitelistPattern.matcher(classDesc.getName()).find()) {
+ // DiskFileItem, FileItemHeadersImpl are not serializable.
+ if (classDesc.getName().contains("org.apache.commons.fileupload")) {
+ return null;
+ }
 Debug.logWarning("***Incompatible class***: " + classDesc.getName() + ". Please see OFBIZ-10837. Report to dev ML if you use OFBiz without changes. "
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java
index 7375574..1950e12 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java
@@ -77,6 +77,10 @@ public final class UtilObject {
 Object obj = null;
 try {
 obj = getObjectException(bytes);
+ // DiskFileItem, FileItemHeadersImpl are not serializable. So SafeObjectInputStream::resolveClass return null
+ if (obj == null) {
+ return null;
+ }
 } catch (ClassNotFoundException | IOException e) {
 Debug.logError(e, MODULE);
 }
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 84f91e4..6918fcc 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
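Review bot: The added branch in `resolveClass` (SafeObjectInputStream.java) matches with `contains("org.apache.commons.fileupload")`, so any non-whitelisted class whose name merely includes that substring skips the `***Incompatible class***` warning and is rejected without leaving a log entry. Returning `null` also leaves the outcome to how `ObjectInputStream` reacts to an unresolved class, which the commit message itself describes as an exception on R18. Because this stream is the deserialization allowlist, I would keep the rejection explicit and anchor the match to the package prefix: `if (classDesc.getName().startsWith("org.apache.commons.fileupload.")) { throw new ClassNotFoundException("Not whitelisted: " + classDesc.getName()); }`. The comment would be clearer as `// commons-fileupload items are rejected on purpose, without the warning below`, since "not serializable" does not explain the early exit. The rest of `resolveClass` lies outside the hunk.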
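Review bot: The new `if (obj == null) { return null; }` in UtilObject.java looks redundant if the method ends with `return obj;` after the catch block; that part is outside the hunk and should be confirmed. Its comment ties a null result to `SafeObjectInputStream::resolveClass` returning null, but a caller still cannot tell a rejected class from a stream that legitimately encoded null. If the branch stays, I would reword the comment to `// null may mean a class rejected by SafeObjectInputStream; callers must treat it as "no object"`, otherwise drop the branch.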
@@ -878,10 +878,6 @@ public class RequestHandler {
 }
 }
 if (reqAttrMap.size() > 0) {
- // fileItems is not serializable.
- // It contains a temporary DiskFileItem with a null value than can't be detected by UtilMisc::makeMapSerializable
- // So it must be removed from reqAttrMap. See OFBIZ-11534
- reqAttrMap.remove("fileItems");
 byte[] reqAttrMapBytes = UtilObject.getBytes(reqAttrMap);
 if (reqAttrMapBytes != null) {
 req.getSession().setAttribute("_REQ_ATTR_MAP_", StringUtil.toHexString(reqAttrMapBytes));
|